We use cookies to customise content for your subscription and for analytics.If you continue to browse Lexology, we will assume that you are happy to receive all our cookies. For further information please read our Cookie Policy.

Defending enforcement under CASL: establishing due diligence

In 2014, the anti-spam provisions of Canada’s Anti-Spam Legislation (CASL) came into force, creating a wide array of compliance requirements for businesses. CASL prohibits a person from sending or causing or permitting to be sent to an electronic address a commercial electronic message unless (a) the message is exempt or (b) the message meets the formality requirements and the person receiving the message has consented to receiving it. While the CRTC has only publicly acknowledged one enforcement action under CASL as of February 12, 2015, this series of posts, “Defending Enforcement under CASL,” considers the foundations of a due diligence defence, and how a business can prepare itself.

Generally speaking, CASL puts the onus on the organization subject to an enforcement action to prove that it met its obligations under the legislation. However, the legislation also provides for a defence of due diligence. Section 33(1) of CASL states:

A person must not be found to be liable for a violation if they establish that they exercised due diligence to prevent the commission of the violation.

No court has yet interpreted this provision. However, if an organization wishes to mount a due diligence defence, it appears that it must establish, based on general principles of common law, that:

there was a belief in a mistaken set of facts which, if true, would render the act innocent; or

all reasonable steps to avoid the culpable event were taken. Non-binding guidance from the CRTC and Industry Canada indicates that, in the view of the regulators, a successful due diligence defense does not require demonstrating that every conceivable step was taken. The crux of the defence seems to be the demonstration of reasonable efforts to comply, which may include, among other things, a compliance strategy, adequate record maintenance efforts, employee education, and policies and procedures for external communications.

For a further information, please visit our Anti-Spam Learning Centre. A comprehensive understanding of CASL and how it impacts your business is the first step in compliance with this complicated law. Our other blog posts in the series “Defending Enforcement Under CASL” will be helpful to understand the types of systems and records that will inform a comprehensive compliance strategy.